Linux KVM VPS is quite popular server setups these days for people using the cPanel and WHM panel to manage their servers and reseller accounts. Also, now SSL certificates are a must for all the websites after Google started giving preference in search to secure websites.
With WHM panel it is super easy to configure an SSL certificate and automatically update it every 3 months(most of the SSL certificates have to be renewed after 90 days). Also, you can do it for all the cPanel accounts hosted on a server using the Manage AutoSSL feature of the WHM panel.
But this feature doesn't work well if you have Cloudflare services enabled on any cPanel account, because when we have Cloudflare setup on any account then any request for that account is passed through Cloudflare VPN before reaching the server and also the DNS provided for that cPanel account would be of Cloudflare and not the local DNS server.
Hence every 3 months the SSL certificate uploaded using Let's Encrypt expires and auto-renewal for it doesn't work although it is a part of cPanel feature.
I have searched for solutions and have tried multiple workarounds but none seems to work, also here is what the official cPanel Technical Support said when asked about this issue:
I understand that you are inquiring about any additional or necessary steps required to allow websites that utilize CloudFlare services to use the AutoSSL feature provided by cPanel. I apologize, however, cPanel's AutoSSL functionality does not work for any domains utilizing CloudFlare and/or any CDN/proxy type services. For SSL Domain Control Validation to succeed, the domain must resolve to an IP address located on your cPanel server. At this time there are no known workarounds, other than disabling CloudFlare.
Hence there is only one way to update the SSL certificate, do the following:
Open your Cloudflare account.
On the Home page, look for the option Pause Cloudflare on Site, click on it to pause Cloudflare on your website temporarily.
Now login to WHM Panel and search for Manage AutoSSL.
On Manage AutoSSL page click on the button Run AutoSSL for all Users. This will renew the SSL certificate on the server.
Once you are done, go to Cloudflare and again enable the Cloudflare service on the site.
SHARE YOUR THOUGHTS WITH US!